FIDO Client To Authenticator Protocol (CTAP): CTAP specifies a protocol for communication between a personal device with cryptographic capabilities (aka authenticator) and a host computer that wishes to use these capabilities for security functions including strong user authentication...!”

FIDO Web API (WebAuthn): Defines how to use the WebCrypto APIs to allow web pages to access strong credentials through browser JavaScript, in a way that is easy to use for developers to code...

Kelby Ludwig - writing at Duo Lab's has just posted a fascinating blog entry detailing their recent discovery of SAML vulns potentially affecting a range of implementations and deployments. In this case, the vulnerability appears to be a zero knowledge scenario (of the attributes of the target's password). H/T

"This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password. - viaDuo Lab'sKelby Ludwig